20a2c30c019c5f4a05396d8910677244b48bae105e951c3a98586b118e3d1f15_3220.trace.hooklog Bahavior Analysis
# 25613000   LoadLibrary
    lpFileName=C:\WINDOWS\system32\IMM32.DLL
    Return=SUCCESS
# 25699000   LoadLibrary
    lpFileName=gdi32.dll
    Return=SUCCESS
# 25669000   LoadLibrary
    lpFileName=LPK.DLL
    Return=SUCCESS
# 25744000   RegQueryValue
    hKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout
    Return=0
# 25744000   RegQueryValue
    hKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\RWLockResourceTimeOut
    Return=2
# 25765000   RegQueryValue
    hKey=HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    Return=0
    type=REG_DWORD
    data=0
# 25865000   CreateFile
    hName=C:\WINDOWS\WindowsShell.Manifest
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 25892000   RegQueryValue
    hKey=HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
    Return=2
# 25893000   RegQueryValue
    hKey=HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
    Return=2
# 25894000   RegEnumValue
    hKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\SURR
    type=REG_DWORD
    data=2
    Return=0
# 25795000   LoadLibrary
    lpFileName=comctl32.dll
    Return=SUCCESS
# 25973000   RegQueryValue
    hKey=HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
    Return=2
# 25974000   LoadLibrary
    lpFileName=imm32.dll
    Return=SUCCESS
# 25914000   LoadLibrary
    lpFileName=comctl32.dll
    Return=SUCCESS
# 26031000   RegQueryValue
    hKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
    Return=0
# 26176000   LoadLibrary
    lpFileName=KERNEL32.DLL
    Return=SUCCESS
# 26178000   LoadLibrary
    lpFileName=KERNEL32.DLL
    Return=SUCCESS
# 26180000   LoadLibrary
    lpFileName=KERNEL32.DLL
    Return=SUCCESS
# 26189000   LoadLibrary
    lpFileName=KERNEL32.DLL
    Return=SUCCESS
# 26198000   LoadLibrary
    lpFileName=advapi32.dll
    Return=SUCCESS
# 26200000   LoadLibrary
    lpFileName=advapi32.dll
    Return=SUCCESS
# 26202000   LoadLibrary
    lpFileName=advapi32.dll
    Return=SUCCESS
# 26205000   LoadLibrary
    lpFileName=oleaut32.dll
    Return=SUCCESS
# 26206000   LoadLibrary
    lpFileName=shell32.dll
    Return=SUCCESS
# 26208000   LoadLibrary
    lpFileName=user32.dll
    Return=SUCCESS
# 26214000   LoadLibrary
    lpFileName=user32.dll
    Return=SUCCESS
# 26216000   LoadLibrary
    lpFileName=user32.dll
    Return=SUCCESS
# 26218000   LoadLibrary
    lpFileName=winmm.dll
    Return=SUCCESS
# 26220000   LoadLibrary
    lpFileName=winmm.dll
    Return=SUCCESS
# 26275000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26275000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26380000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26380000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26481000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26481000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26583000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26583000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26686000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26686000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26792000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26792000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26871000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26871000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26974000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 26974000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 26978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 26998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 26998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 26999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 26999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27072000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27072000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27173000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27173000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27273000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27273000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27373000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27373000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27473000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27473000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27571000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27571000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27670000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27670000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27770000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27770000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27873000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27873000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27971000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 27971000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 27974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 27997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 27998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 27999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 27999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28071000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28071000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28173000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28173000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28273000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28273000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28370000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28370000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28474000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28474000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28573000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28573000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28674000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28674000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28772000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28772000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28870000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28870000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28969000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 28969000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 28972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 28996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 28997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 28999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 28999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29068000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29068000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29170000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29170000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29271000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29271000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29375000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29375000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29469000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29469000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29569000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29569000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29668000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29668000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29767000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29767000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29869000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29869000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29968000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 29968000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 29972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 29995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 29996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 29997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 29999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30068000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30068000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30172000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30172000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30270000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30270000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30370000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30370000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30469000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30469000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30568000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30568000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30666000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30666000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30769000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30769000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30872000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30871000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30966000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 30966000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 30970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 30994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 30995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 30997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 30999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31070000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31070000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31167000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31167000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31268000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31268000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31366000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31366000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31470000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31470000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31568000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31568000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31668000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31668000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31767000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31767000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31867000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31867000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31970000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 31970000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 31974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 31994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 31997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 31998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 31999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32067000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32067000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32169000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32169000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32269000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32269000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32365000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32365000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32466000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32466000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32565000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32565000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32665000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32665000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32765000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32765000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32865000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32865000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32968000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 32968000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 32972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 32995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 32996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 32997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 32999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33063000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33063000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33164000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33164000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33264000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33264000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33366000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33366000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33465000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33465000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33567000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33567000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33665000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33665000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33765000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33765000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33863000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33863000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33962000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 33962000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 33966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 33996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 33998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 33998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 33999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34062000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34062000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34163000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34163000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34263000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34263000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34363000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34363000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34463000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34463000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34561000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34561000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34662000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34662000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34767000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34767000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34862000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34862000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34964000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 34964000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 34967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 34995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 34996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 34997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 34998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35064000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35064000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35160000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35160000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35259000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35259000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35360000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35360000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35463000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35463000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35563000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35563000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35669000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35669000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35762000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35762000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35862000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35862000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35962000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 35962000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 35966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 35997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 35998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 35999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 35999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36062000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36062000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36160000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36160000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36260000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36260000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36362000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36362000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36464000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36464000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36559000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36559000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36662000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36662000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36759000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36759000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36863000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36863000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36958000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 36958000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 36962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 36998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 36998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 36999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 36999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37061000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37061000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37164000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37164000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37260000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37260000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37358000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37358000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37458000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37458000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37558000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37558000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37658000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37658000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37765000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37765000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37857000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37857000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37958000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 37958000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 37962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 37997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 37998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 37998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 37999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38057000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38057000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38156000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38156000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38258000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38258000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38355000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38355000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38457000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38456000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38558000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38558000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38656000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38656000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38753000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38753000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38854000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38854000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38956000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 38956000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 38959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 38996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 38997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 38998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 38998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39055000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39055000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39152000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39152000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39253000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39253000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39352000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39352000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39410000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39452000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39452000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39513000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39535000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39539000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39554000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39554000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39655000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39655000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39752000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39752000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39859000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39859000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39951000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 39951000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 39955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 39996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 39996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 39998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 39998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40051000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40051000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40151000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40151000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40183000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40189000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40249000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40249000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40354000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40354000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40452000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40452000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40551000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40551000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40614000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40618000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40655000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40655000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40738000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40750000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40750000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40850000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40850000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40947000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 40947000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 40951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 40996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 40996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 40998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 40998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41017000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41043000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41043000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41142000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41142000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41241000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41241000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41343000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41343000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41351000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41444000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41444000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41543000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41543000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41644000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41643000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41713000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41719000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41743000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41743000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41828000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41840000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41840000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41950000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 41950000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 41954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 41997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 41998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 41999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 41999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42040000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42040000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42160000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42160000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42245000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42245000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42319000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42321000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42338000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42338000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42378000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42382000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42437000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42437000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42527000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42538000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42538000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42600000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42604000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42605000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42609000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42637000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42637000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42645000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42688000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42738000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42738000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42839000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42839000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42927000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42936000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 42935000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 42939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42962000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 42997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 42997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 42999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 42999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43013000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43017000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43021000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43022000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43026000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43035000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43035000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43136000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43136000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43219000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43233000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43233000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43319000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43320000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43329000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43334000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43334000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43412000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43415000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43420000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43437000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43437000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43456000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43473000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43521000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43523000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43523000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43532000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43532000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43555000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43587000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43591000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43619000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43623000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43635000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43635000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43673000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43709000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43714000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43718000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43732000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43732000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43779000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43783000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43829000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43828000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43918000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43919000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43928000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 43928000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 43932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43954000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43973000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 43996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 43998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 43998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 43999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44005000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44030000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44045000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44045000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44096000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44104000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44110000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44113000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44115000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44124000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44128000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44128000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44159000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44179000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44216000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44218000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44218000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44221000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44229000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44229000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44238000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44256000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44288000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44320000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44321000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44326000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44326000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44360000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44364000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44373000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44373000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44377000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44387000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44391000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44391000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44395000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44413000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44414000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44415000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44420000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44427000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44426000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44438000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44442000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44460000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44513000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44515000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44515000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44517000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44526000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44526000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44529000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44611000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44614000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44617000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44631000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44631000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44655000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44678000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44720000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44725000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44725000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44749000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44787000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44791000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44809000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44813000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44818000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44819000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44820000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44826000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44826000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44850000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44876000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44892000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44896000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44898000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44908000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44912000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44913000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44917000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44917000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44918000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44926000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 44926000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 44930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44931000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44936000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44940000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44941000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44949000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44967000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44989000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 44997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 44998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 44999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 44999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45002000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45002000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45011000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45012000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45021000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45024000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45024000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45030000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45039000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45043000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45059000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45062000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45063000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45103000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45116000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45117000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45118000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45122000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45122000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45177000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45202000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45205000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45210000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45216000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45217000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45217000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45219000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45224000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45224000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45239000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45280000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45282000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45289000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45290000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45311000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45312000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45317000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45317000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45318000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45318000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45322000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45322000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45414000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45422000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45422000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45437000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45449000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45451000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45455000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45464000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45467000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45473000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45482000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45486000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45486000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45490000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45505000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45508000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45511000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45514000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45514000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45516000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45516000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45517000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45518000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45518000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45519000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45524000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45524000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45532000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45532000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45536000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45537000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45541000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45545000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45559000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45559000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45568000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45595000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45599000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45612000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45612000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45613000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45613000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45615000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45615000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45616000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45616000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45617000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45618000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45621000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45621000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45628000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45668000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45673000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45684000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45687000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45692000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45692000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45705000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45710000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45711000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45714000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45715000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45715000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45720000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45720000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45724000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45728000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45729000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45733000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45737000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45739000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45763000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45765000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45771000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45777000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45797000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45801000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45811000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45811000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45817000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45820000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45820000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45835000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45839000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45862000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45870000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45879000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45884000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45888000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45888000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45892000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45894000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45897000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45901000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45901000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45905000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45910000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45910000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45911000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45911000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45913000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45914000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45915000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45916000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45920000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 45920000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 45923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45928000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45936000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45940000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45946000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45950000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45954000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45959000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45963000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45965000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45973000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45974000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45981000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45983000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45992000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45992000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 45995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 45997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 45998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 45999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46007000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46009000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46012000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46013000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46015000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46019000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46019000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46025000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46027000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46031000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46039000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46045000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46047000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46048000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46049000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46051000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46053000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46054000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46064000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46068000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46068000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46070000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46082000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46084000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46095000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46114000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46114000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46115000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46116000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46125000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46125000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46149000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46154000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46154000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46160000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46164000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46164000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46177000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46181000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46187000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46191000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46197000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46199000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46205000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46207000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46214000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46214000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46215000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46215000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46219000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46219000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46223000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46224000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46225000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46227000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46229000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46229000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46237000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46242000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46245000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46246000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46251000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46251000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46255000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46256000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46257000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46259000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46261000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46263000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46265000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46269000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46270000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46274000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46277000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46279000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46279000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46283000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46294000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46298000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46298000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46300000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46304000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46305000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46306000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46315000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46315000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46316000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46316000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46320000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46320000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46325000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46329000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46335000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46347000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46355000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46361000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46365000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46367000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46379000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46389000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46395000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46404000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46405000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46410000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46411000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46411000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46412000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46413000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46417000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46417000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46426000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46430000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46444000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46458000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46462000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46470000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46478000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46480000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46482000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46488000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46494000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46496000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46496000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46500000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46502000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46502000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46505000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46507000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46507000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46509000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46510000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46515000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46515000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46546000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46547000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46549000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46550000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46551000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46555000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46561000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46563000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46568000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46571000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46574000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46583000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46589000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46595000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46600000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46603000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46607000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46608000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46609000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46615000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46615000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46621000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46623000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46625000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46627000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46629000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46651000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46653000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46655000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46658000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46658000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46660000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46660000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46666000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46674000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46676000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46678000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46679000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46680000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46694000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46698000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46704000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46706000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46710000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46711000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46712000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46712000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46713000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46716000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46716000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46722000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46728000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46730000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46732000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46734000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46736000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46738000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46741000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46744000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46744000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46752000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46758000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46759000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46764000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46769000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46773000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46773000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46777000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46786000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46786000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46790000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46791000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46795000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46799000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46800000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46804000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46804000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46805000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46807000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46809000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46810000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46810000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46813000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46814000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46814000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46819000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46819000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46823000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46823000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46825000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46827000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46827000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46831000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46832000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46833000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46836000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46837000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46841000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46841000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46845000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46845000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46847000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46849000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46851000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46854000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46854000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46855000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46859000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46863000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46867000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46867000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46873000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46876000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46881000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46885000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46889000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46889000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46890000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46890000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46891000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46891000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46893000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46893000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46894000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46895000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46895000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46896000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46897000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46898000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46899000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46899000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46900000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46900000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46902000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46902000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46903000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46903000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46905000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46907000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46908000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46909000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46909000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46912000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46915000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 46915000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 46919000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46923000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46924000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46928000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46931000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46935000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46938000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46939000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46942000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46942000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46943000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46944000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46946000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46947000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46947000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46948000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46955000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46957000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46959000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46960000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46961000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46965000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46966000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46967000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46969000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46971000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46971000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46972000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46972000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46974000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46977000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46977000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46980000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46982000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46984000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46984000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46985000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46985000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46986000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46986000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46990000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46991000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46991000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46995000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46996000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 46996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 46998000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 46998000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 46999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47000000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47000000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47001000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47003000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47003000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47004000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47008000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47008000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47009000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47010000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47010000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47011000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47014000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47014000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47018000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47018000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47019000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47019000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47020000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47020000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47022000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47023000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47023000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47024000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47024000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47025000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47026000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47027000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47028000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47029000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47031000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47032000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47032000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47033000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47034000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47036000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47036000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47037000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47037000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47038000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47038000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47040000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47041000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47043000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47045000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47046000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47046000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47047000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47048000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47049000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47051000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47052000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47052000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47053000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47054000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47056000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47057000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47062000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47063000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47065000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47066000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47067000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47069000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47070000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47071000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47072000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47073000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47074000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47079000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47083000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47085000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47087000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47088000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47089000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47096000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47097000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47103000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47104000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47105000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47106000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47107000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47111000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47115000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47115000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47119000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47121000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47131000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47135000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47139000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47140000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47144000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47144000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47148000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47149000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47153000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47153000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47163000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47165000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47165000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47166000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47166000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47168000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47169000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47170000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47171000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47172000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47175000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47175000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47176000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47176000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47184000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47184000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47185000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47185000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47186000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47189000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47190000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47190000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47191000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47192000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47194000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47198000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47201000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47202000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47203000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47203000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47204000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47204000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47206000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47206000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47208000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47209000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47211000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47211000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47212000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47213000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47213000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47217000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47217000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47222000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47222000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47223000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47224000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47225000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47226000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47226000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47227000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47228000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47228000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47230000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47230000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47231000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47231000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47234000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47236000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47236000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47237000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47238000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47239000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47241000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47241000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47243000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47244000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47245000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47248000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47248000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47249000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47250000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47250000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47252000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47253000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47257000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47259000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47262000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47262000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47263000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47264000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47264000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47266000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47267000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47267000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47268000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47268000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47275000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47276000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47280000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47281000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47281000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47282000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47283000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47286000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47286000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47287000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47287000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47288000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47289000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47290000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47291000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47291000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47295000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47295000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47296000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47296000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47297000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47297000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47299000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47299000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47300000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47301000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47304000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47305000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47306000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47307000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47309000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47314000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47314000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47318000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47318000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47322000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47322000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47323000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47323000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47324000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47324000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47327000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47328000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47335000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47337000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47339000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47340000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47341000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47344000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47345000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47349000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47349000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47350000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47353000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47353000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47354000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47354000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47355000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47356000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47357000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47359000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47359000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47360000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47361000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47362000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47362000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47365000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47366000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47366000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47367000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47368000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47368000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47371000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47372000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47372000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47374000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47374000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47375000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47376000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47378000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47383000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47385000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47387000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47389000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47390000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47390000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47393000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47394000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47396000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47396000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47398000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47401000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47402000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47402000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47403000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47403000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47405000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47406000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47408000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47412000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47412000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47416000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47418000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47419000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47421000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47421000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47422000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47423000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47423000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47425000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47426000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47427000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47429000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47430000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47431000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47431000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47432000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47432000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47436000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47436000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47437000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47438000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47439000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47439000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47440000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47444000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47448000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47448000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47449000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47450000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47450000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47454000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47455000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47456000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47457000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47457000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47458000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47459000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47459000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47460000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47461000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47462000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47465000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47466000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47466000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47467000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47470000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47471000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47471000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47472000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47472000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47474000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47474000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47475000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47475000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47478000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47479000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47479000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47480000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47481000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47481000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47484000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47484000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47487000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47487000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47488000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47489000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47489000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47490000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47494000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47495000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47497000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47503000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47504000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47504000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47506000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47506000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47508000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47509000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47510000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47511000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47512000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47512000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47515000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47515000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47519000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47520000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47521000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47522000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47522000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47524000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47524000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47525000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47528000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47529000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47530000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47530000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47531000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47531000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47533000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47533000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47534000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47535000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47536000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47537000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47538000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47538000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47539000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47540000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47540000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47544000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47544000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47545000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47546000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47547000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47548000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47548000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47549000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47550000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47551000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47553000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47554000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47554000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47556000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47556000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47557000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47557000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47558000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47558000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47561000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47562000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47566000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47566000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47567000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47569000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47569000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47570000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47573000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47574000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47575000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47575000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47576000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47576000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47581000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47585000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47585000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47590000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47594000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47594000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47597000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47601000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47601000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47602000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47602000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47603000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47604000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47608000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47610000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47610000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47615000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47615000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47619000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47620000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47620000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47621000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47622000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47622000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47625000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47626000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47626000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47627000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47628000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47629000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47630000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47630000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47633000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47633000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47634000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47634000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47636000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47637000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47639000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47639000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47642000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47643000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47644000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47645000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47649000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47653000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47654000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47654000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47656000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47659000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47659000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47661000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47661000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47663000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47665000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47666000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47667000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47667000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47668000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47669000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47672000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47672000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47674000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47675000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47677000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47679000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47680000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47681000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47684000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47685000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47685000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47686000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47686000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47687000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47689000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47691000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47691000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47694000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47695000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47695000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47696000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47699000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47699000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47700000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47700000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47702000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47702000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47704000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47705000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47706000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47708000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47712000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47712000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47716000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47716000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47717000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47717000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47718000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47719000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47720000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47721000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47721000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47722000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47723000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47723000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47726000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47727000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47727000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47729000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47731000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47734000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47735000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47735000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47736000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47737000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47741000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47742000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47742000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47743000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47746000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47747000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47748000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47748000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47750000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47750000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47751000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47751000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47755000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47756000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47756000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47757000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47757000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47758000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47760000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47761000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47762000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47762000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47763000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47764000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47765000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47766000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47766000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47767000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47769000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47770000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47771000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47772000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47772000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47778000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47778000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47779000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47780000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47780000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47781000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47784000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47784000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47785000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47785000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47787000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47788000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47788000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47789000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47789000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47790000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47792000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47792000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47793000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47793000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47796000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47796000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47797000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47798000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47798000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47799000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47800000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47801000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47802000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47802000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47803000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47803000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47805000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47806000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47806000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47807000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47808000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47808000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47811000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 47811000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 47815000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47815000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47816000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47816000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47817000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47818000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47819000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47820000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47821000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47821000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47822000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47822000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47824000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47824000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47825000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47826000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47826000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47828000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47829000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47829000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47830000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47830000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47831000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47832000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47833000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47834000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47834000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47835000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47836000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47837000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47838000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47838000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47839000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47840000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47840000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47842000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47842000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47843000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47843000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47844000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47844000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47846000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47846000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47847000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47848000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47848000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47849000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47850000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47851000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47852000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47853000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47855000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47856000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47856000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47859000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47860000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47860000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47861000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47861000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47862000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47865000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47866000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47866000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47868000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47868000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47870000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47871000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47875000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47875000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47877000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47877000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47878000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 47880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 47880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 47881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 47882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48069000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48069000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48075000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48076000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48076000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48077000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48078000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48084000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48089000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48090000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48091000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48092000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48093000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48097000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48099000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48101000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48102000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48102000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48111000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48114000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48114000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48120000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48120000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48121000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48123000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48130000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48132000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48140000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48146000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48147000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48148000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48150000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48152000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48155000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48155000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48156000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48156000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48161000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48162000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48163000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48168000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48169000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48170000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48174000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48174000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48181000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48182000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48182000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48183000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48212000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48222000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48222000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48244000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48246000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48247000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48247000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48249000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48252000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48258000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48258000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48260000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48260000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48261000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48269000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48270000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48273000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48273000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48274000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48275000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48276000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48277000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48302000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48303000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48307000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48308000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48308000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48309000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48313000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48313000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48317000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48317000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48325000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48326000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48326000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48327000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48328000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48330000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48331000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48333000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48334000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48334000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48336000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48336000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48337000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48338000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48338000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48339000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48340000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48342000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48342000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48345000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48346000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48346000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48347000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48348000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48348000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48350000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48351000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48352000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48352000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48356000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48357000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48358000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48358000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48363000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48363000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48364000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48369000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48369000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48370000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48370000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48371000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48375000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48376000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48377000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48380000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48381000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48382000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48383000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48384000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48384000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48385000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48386000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48386000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48388000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48388000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48392000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48392000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48393000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48394000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48400000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48400000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48401000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48404000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48406000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48407000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48408000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48409000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48409000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48412000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48412000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48416000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48417000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48417000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48418000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48419000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48422000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48424000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48424000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48425000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48427000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48428000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48433000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48433000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48434000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48434000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48435000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48435000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48440000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48441000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48446000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48451000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48452000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48452000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48453000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48453000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48454000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48464000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48465000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48493000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48493000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48495000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48500000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48501000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48501000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48529000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48529000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48562000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48565000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48565000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48567000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48570000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48571000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48572000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48572000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48573000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48577000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48577000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48578000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48579000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48581000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48582000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48582000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48583000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48584000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48584000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48586000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48586000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48587000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48588000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48588000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48589000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48590000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48591000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48592000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48592000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48593000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48593000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48596000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48596000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48597000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48598000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48598000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48599000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48605000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48606000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48606000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48607000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48611000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48617000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48617000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48624000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48624000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48631000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48631000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48632000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48632000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48635000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48635000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48636000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48637000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48638000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48638000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48640000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48640000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48641000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48641000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48642000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48643000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48644000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48646000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48646000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48647000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48650000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48651000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48652000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48652000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48656000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48657000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48657000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48662000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48662000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48663000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48664000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48664000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48665000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48670000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48670000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48671000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48671000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48675000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48676000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48677000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48681000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48682000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48682000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48683000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48683000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48688000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48689000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48690000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48690000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48693000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48693000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48696000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48697000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48697000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48698000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48701000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48701000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48703000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48703000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48707000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48707000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48708000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48709000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48715000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48715000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48724000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48725000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48725000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48726000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48730000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48731000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48732000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48733000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48739000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48740000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48740000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48743000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48745000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48745000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48746000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48747000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48749000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48752000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48753000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48753000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48754000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48754000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48755000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48759000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48760000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48761000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48767000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48768000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48768000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48770000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48774000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48774000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48776000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48781000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48782000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48782000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48783000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48812000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48812000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48839000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48839000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48852000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48853000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48857000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48857000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48858000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48858000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48863000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48864000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48864000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48865000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48869000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48869000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48871000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48872000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48872000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48873000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48874000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48874000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48878000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48879000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48880000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48880000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48881000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48884000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48885000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48886000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48886000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48887000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48887000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48914000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 48914000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 48920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48922000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48923000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48924000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48925000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48925000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48926000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48926000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48927000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48929000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48929000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48930000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48930000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48932000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48932000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48935000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48937000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48937000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48943000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48944000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48945000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48945000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48948000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48949000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48950000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48953000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48955000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48956000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48956000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48957000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48958000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48958000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48960000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48961000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48962000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48963000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48964000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48964000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48966000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48968000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48968000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48969000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48970000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48970000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48975000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48975000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48976000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48976000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48981000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48982000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48983000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48987000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48988000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48993000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 48993000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 48994000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48994000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 48995000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 48999000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49001000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49004000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49005000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49006000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49006000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49007000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49014000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49013000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49028000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49029000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49033000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49034000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49035000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49035000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49040000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49041000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49042000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49042000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49044000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49044000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49055000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49055000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49056000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49057000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49058000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49058000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49060000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49061000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49061000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49064000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49065000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49069000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49071000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49072000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49073000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49074000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49075000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49077000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49078000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49079000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49080000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49081000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49083000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49085000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49086000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49086000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49087000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49088000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49092000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49093000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49094000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49094000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49095000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49100000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49101000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49105000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49106000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49107000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49118000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49118000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49122000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49122000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49123000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49124000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49125000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49125000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49127000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49128000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49129000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49129000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49130000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49131000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49132000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49133000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49133000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49134000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49134000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49137000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49139000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49141000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49141000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49142000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49142000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49143000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49143000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49145000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49145000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49150000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49151000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49151000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49152000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49157000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49157000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49161000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49162000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49167000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49167000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49171000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49172000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49173000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49173000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49178000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49178000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49179000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49180000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49180000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49186000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49187000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49188000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49188000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49192000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49193000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49193000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49195000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49198000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49199000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49200000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49200000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49201000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49207000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49207000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49232000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49240000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49240000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49242000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49243000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49253000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49254000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49254000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49255000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49265000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49266000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49271000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49271000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49272000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49272000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49278000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49278000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49284000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49284000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49285000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49285000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49292000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49292000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49293000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49293000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49294000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49301000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49302000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49303000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49310000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49310000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49311000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49312000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49315000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49315000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49330000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49331000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49332000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49332000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49333000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49341000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49343000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49343000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49344000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49379000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49380000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49381000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49397000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49397000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49398000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49399000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49399000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49407000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49421000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49421000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49428000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49429000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49441000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49442000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49443000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49443000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49445000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49445000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49446000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49447000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49447000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49461000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49463000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49463000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49468000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49468000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49469000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49469000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49476000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49476000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49477000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49477000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49483000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49483000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49485000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49485000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49491000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49491000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49492000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49492000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49497000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49498000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49498000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49499000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49499000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49503000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49511000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49511000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49520000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49525000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49526000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49526000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49527000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49528000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49534000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49541000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49542000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49542000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49543000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49543000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49552000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49552000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49553000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49563000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49564000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49564000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49888000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49888000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49904000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49904000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49906000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49906000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49907000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49914000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49915000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49916000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49921000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49921000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49922000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49933000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49933000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49934000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49934000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49938000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49939000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49941000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49951000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49951000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49952000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49952000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49953000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49963000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 49962000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 49978000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49978000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49979000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49979000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49980000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49987000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49988000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 49989000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 49990000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49996000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49997000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 49997000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 49999000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50014000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50014000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50015000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50016000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50016000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50050000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50050000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50059000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50060000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50066000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50067000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50077000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50076000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50090000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50091000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50098000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50098000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50099000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50100000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50108000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50108000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50109000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50109000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50110000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50117000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50118000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50119000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50126000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50126000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50127000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50128000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50135000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50136000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50136000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50137000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50138000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50138000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50146000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50147000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50158000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50158000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50159000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50160000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50172000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50172000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50194000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50195000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50196000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50196000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50197000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50207000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50208000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50209000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50210000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50220000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50220000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50221000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50232000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50233000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50233000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50234000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50235000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50235000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50386000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50386000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50560000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50560000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50578000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50579000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50580000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50580000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50604000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50604000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50647000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50648000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50648000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50649000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50650000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50669000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50738000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50738000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50775000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50775000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50776000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50794000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50794000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50795000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50823000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50823000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 50882000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 50882000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 50883000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50883000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50920000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 50920000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 50953000   CreateFile
    hName=C:\WINDOWS\system32\config\Rundll32.exe
    desiredAccess=GENERIC_READ 
    creationDisposition=OPEN_EXISTING
    Return=SUCCESS
# 50953000   CopyFile
    lpExistingFileName=C:\WINDOWS\system32\config\Rundll32.exe
    lpNewFileName=\prueba
    Return=SUCCESS
# 51080000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Return=0
# 51081000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    type=REG_SZ
    data=www.facebook.com
    Return=0
# 51082000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 51112000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0
# 51112000   RegCreateKey
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Return=0
# 51113000   RegSetValue
    hKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32
    type=REG_SZ
    data=C:\WINDOWS\system32\Rundll32.exe
    Return=0